This invention relates to systems for interprocess communication in homogeneous and heterogeneous networks, independent of the physical units and the physical network architecture.
Interprocess communication systems consist of one or more physically connected units executing two or more processes, which can build logical connections (i.e. connections independent of the physical transmission) between each other and exchange information via these logical connections. Homogeneous systems consist of units of the same kind controlled by programs of the same kind. Heterogeneous systems consist of similar or different units controlled by similar or different programs, where the networking components of the controlling programs of each network unit are based on the same protocol to initiate connections and to exchange information.
Prior art logical connections are initiated according to the following scheme: A unit characterized by a unique physical identification executes a process (called server), which provides at least one logical connection endpoint, where the endpoint is identified by a local identification unique on the unit executing the server. The server waits until another process (called client), running on the same or another unit, requests a connection to the said endpoint of the server. Provided the units executing the server and the client are physically connected, the client needs the unique identification of the unit executing the server and the local identification of the endpoint which the server provides. Both pieces of information together are sufficient to uniquely identify the endpoint of a server in the whole network. The server decides whether to accept or deny incoming connection requests. A connection is established only if the server accepts an incoming request, possibly after checking the client's access rights. If the check of the client's access rights turns out negative, the server terminates the connection request and no connection is established. This mechanism allows only logical point-to-point connections between a single client and a single server. Logical connections between two clients, two servers, or more than two clients and/or servers are not possible.
Prior art services are transaction-oriented servers, which wait for a transaction request after a successful connection to a client has been established, execute a predefined action upon reception of a transaction request, and finally report the result of the action to the client. The complete sequence, starting at the transaction request and terminated by the transmission of the result, is called a transaction. The transaction request of a client does not need to be sent explicitly as a message to the server. Instead, the request can be implied by the client connecting to the server alone.
A connection between service and client can be established for a single transaction (temporary connection) or for multiple transactions (standing connection). After completion of all transactions, one communication partner closes the connection, which signals to the other partner to close the connection on its side too.
Typical examples of such networks are the internet or internet-like intranets, which are built of several programmable and physically linked computers. Each computer runs an operating system, the networking programs and the application programs. Homogeneous systems contain identical or different computers controlled by the same operating system. Heterogeneous systems contain similar or different computers controlled by the same or different operating systems. The networking programs typically follow the ISO/OSI-model, use the TCP/IP-stack and serve for the information exchange between different software components running on the same or different machines.
The general description of prior art client/server systems above is illustrated in the following paragraph, taking the TCP/IP-protocol as a well-known example. The TCP/IP-protocol is by definition a connection-oriented protocol based on the ISO/OSI-model between two uniquely identified communication partners. On the one hand it permits building a logical point-to-point connection between one unique client and one unique server; on the other hand it guarantees reliable physical and logical message transmission between server and client, such that the transmitted bytes are received in the same order as they were sent, independent of how many and which physical data packets a message had to be split into during physical transport, and independent of the physical path along which each individual data packet was transmitted in the physical network.
A connection endpoint of a TCP/IP-server process is uniquely identified by the IP-address of the machine executing the TCP/IP-server process and the port-address. The port-address can be interpreted as a logical address that is locally unique on the machine executing the server process. Thus network-wide unique TCP/IP-server addresses comprise the physical IP-address as well as the local logical port-address. The vector (IP-address, port-address) is bound to the TCP/IP-server machine and is not logical (i.e. independent of the physical unit), because it contains the IP-address of the TCP/IP-server machine.
Typical systems working according to the described client/server principle are the operating systems Unix, Windows NT, OS/2 or Netware as well as the middleware DCE, TUXEDO or CORBA.
Prior art networks have the following disadvantages:
1. The client/server principle allows only point-to-point connections between a single client and a single server or service. Clients needing several services have to establish separate connections to each service.
2. If all components in a network should be able at any time to establish connections to any other component, each component needs to be implemented as server and client simultaneously. This increases the number of servers dramatically.
3. If n components of a system should communicate with each other, the required number of bidirectional point-to-point connections is ½n(n−1), which grows proportionally to ½n². Systems of this kind can only be operated with a large number of components under uneconomical conditions and are therefore not scalable to arbitrary size.
4. The reliability of the overall system decreases with the number of connections because the risk of a broken connection increases with each additional point-to-point connection.
5. Each unit executing a server needs to be identified uniquely in the whole network.
6. Clients need to know the unique identification of the server unit and the local identification of the connection endpoint to which they connect. This implies that servers are bound to their units and cannot be replaced by similar servers on different units without the client's knowledge of the identifications of the backup units. A client-transparent replacement of a given server by another server on a different unit is not possible according to the prior art.
7. In practice each server is a potential security hazard because it alone is responsible for accepting/executing a client's connection/transaction. With an increasing number of servers the security of the whole system decreases. To guarantee a defined security standard for the whole system, each server needs to fulfil the same security standard, because the whole system is only as secure as the weakest server.
8. The history of a prior art network can be traced only with an enormous effort, because the network needs to be supervised on the physical level and the transmitted physical packets have to be assembled first into logical units to yield logically meaningful messages or transactions. This holds especially for TCP/IP networks, which can only be effectively supervised by "sniffing", i.e. the direct analysis of the physically transmitted data.
9. Prior art networks utilize firewalls to guarantee security. The firewalls are located between clients and servers and forward only predefined messages from predefined sources to predefined targets and allow only authorized clients to connect to and transact with authorized services. This additional filtering reduces the performance of the whole system.
These problems can be illustrated taking the TCP/IP-protocol as example:
1. A TCP/IP-client can communicate via a single connection only with a single TCP/IP-server, which means that a TCP/IP-client can neither communicate with another TCP/IP-client nor via a single connection with more than one TCP/IP-server.
2. A TCP/IP-server can accept via a single connection only a single TCP/IP-client, which means that a TCP/IP-server can neither communicate with other TCP/IP-servers nor via a single connection with more than one TCP/IP-client.
3. In all cases TCP/IP-clients need at least the IP-address of the TCP/IP-server machine as well as the port-address of the TCP/IP-server process to address a TCP/IP-server process uniquely in the whole network. The connection is bound to the TCP/IP-server machine because of the required IP-address.
The object of this invention is to realize an interprocess communication system without the aforementioned disadvantages, which offers the possibility of unit-independent logical communication of all components with each other, which allows for a client-transparent replacement of services, while minimizing the transmission time of individual messages and optimizing the system reliability and security.
The present invention overcomes the prior art limitations by implementing a star-like interprocess communication system consisting of an arbitrary number of homogeneous or heterogeneous physically connected units, where a central unit executes at least one central process (called Central Process) and at least one of the units executes peripheral process(es), which are connected to the Central Process via at least one standing logical bidirectional connection. The Central Process assigns logical identifications to the connections of the peripheral processes. Using these logical identifications, peripheral processes can communicate with selected peripheral processes or connections independently of the physical units. Peripheral processes of the same kind can be exchanged transparently for other peripheral processes.
Peripheral processes can maintain parallel connections to multiple Central Processes, and Central Processes can be linked directly or indirectly via Links into arbitrary hierarchies or topologies. Multiple individual subsystems can access shared peripheral processes without knowledge of the other subsystems or being able to communicate with them.
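As an added illustration (not code from the patent), the following Python model shows the Central Process of the star-like system described above: it accepts one standing connection per peripheral process, assigns logical identifications, routes messages by those identifications so that peripherals never learn each other's physical units, enforces the access policy and keeps the message history in a single place, and lets a peripheral of the same kind on a different unit replace another without any change on the sender's side. The names CentralProcess, Peripheral, resolve and the "client"/"db" kinds are assumptions of this example.

```python
from itertools import count
from typing import Dict, List, Optional, Set, Tuple

class Peripheral:
    def __init__(self, kind: str, unit: str) -> None:
        self.kind = kind          # logical role, e.g. "client" or "db" (assumed names)
        self.unit = unit          # physical host; never revealed to other peripherals
        self.inbox: List[Tuple[int, bytes]] = []

class CentralProcess:
    def __init__(self, allowed: Set[Tuple[str, str]]) -> None:
        self._ids = count(1)
        self._conn: Dict[int, Peripheral] = {}       # logical id -> standing connection
        self._allowed = allowed                       # permitted (src kind, dst kind) pairs
        self.log: List[Tuple[int, int, bytes]] = []   # central history of all messages

    def connect(self, p: Peripheral) -> int:
        """Accept a peripheral's standing connection and assign it a logical id."""
        lid = next(self._ids)
        self._conn[lid] = p
        return lid

    def disconnect(self, lid: int) -> None:
        self._conn.pop(lid, None)

    def resolve(self, kind: str) -> Optional[int]:
        """Any live peripheral of this kind; callers never need its host address."""
        return next((lid for lid, p in self._conn.items() if p.kind == kind), None)

    def send(self, src: int, dst: Optional[int], payload: bytes) -> bool:
        """Route by logical id; only the Central Process checks the access policy."""
        if src not in self._conn or dst not in self._conn:
            return False
        if (self._conn[src].kind, self._conn[dst].kind) not in self._allowed:
            return False
        self.log.append((src, dst, payload))
        self._conn[dst].inbox.append((src, payload))
        return True

def demo() -> dict:
    # Constructed scenario: a client uses a "db" service that later moves to another host.
    cp = CentralProcess(allowed={("client", "db")})
    client = cp.connect(Peripheral("client", "host-a"))
    db1 = cp.connect(Peripheral("db", "host-b"))
    first = cp.send(client, cp.resolve("db"), b"query-1")
    cp.disconnect(db1)                                   # host-b goes away
    db2 = cp.connect(Peripheral("db", "host-c"))         # same kind, different unit
    second = cp.send(client, cp.resolve("db"), b"query-2")  # client code unchanged
    denied = cp.send(db2, client, b"unsolicited")        # db -> client not permitted
    return {"first": first, "second": second, "denied": denied, "log": cp.log}
```

Because every message passes through the Central Process, the policy check and the history exist once for the whole star instead of once per server, which is the point made under disadvantages 7 and 8 above.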
Networks according to this invention can run outside of firewall protected areas and still be accessed by a limited user group only.
The security of existing firewall systems can be increased considerably by appropriately interfacing networks according to this invention to prior art networks.